Why does ZWS appear to run as 'root' under HP-UX?

On HP-UX, userspace utilities such as top or ps report that ZWS is running as root even though it has been configured to run as a different user.

    # ps -ef | grep zeus.web
    root 16423 16284 1 21:34:08 pts/ta 0:00 grep zeus.web
    root 17613 17609 0 22:15:51 ? 0:00 /space/cbuckley/zeus/web/bin/zeus.web
    root 17609 1 18 22:15:51 ? 0:00 /space/cbuckley/zeus/web/bin/zeus.web
    root 17612 17609 0 22:15:51 ? 0:00 /space/cbuckley/zeus/web/bin/zeus.web

It would appear from this output that ZWS is running as root. Clearly, this would have significant security implications. However, the child processes (17612 & 17613) are actually running as a user with a UID of 1596, rather than the UID of 0 which we would equate with root.

HP-UX is, correctly, reporting the real GID/UID that zeus.web is running as. However, ZWS relies on downgrading its child process(es) upon start-up to the effective permissions referred to above. HP-UX's ps utility outputs the real permissions, which unfortunately serves to confuse the security-conscious systems administrator.

The important question we need to ask is, 'How can I prove that my child processes (remember, the parent zeus.web process will always run as root) are running as the GID/UID specified in $ZEUSHOME/web/global.cfg?' Let's turn to C to help us. Here's the source code[1]:

#include <sys/types.h>
#include <sys/param.h>
#include <sys/pstat.h>
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char **argv)
{
    struct pst_status pst;
    pid_t pid=0;
    int count=0;

    /* The pid to check is passed in as the first arg; refuse to
    ** run without it rather than dereferencing a missing argv[1].
    */
    if (argc < 2)
    {
        fprintf(stderr,"usage: %s pid\n",argv[0]);
        return(1);
    }
    pid=(pid_t) atoi(argv[1]);

    /* Get information about a particular pid-- this is a bit
    ** strange, but you can set the third parameter (elemcount)
    ** to 0 and set the last parameter (index) to the pid you
    ** want information about and it will fill in info for that
    ** process only. This same call, with different parms can
    ** get you the info for all executing processes on the system.
    */
    count = pstat_getproc(&pst, sizeof(struct pst_status), 0, pid);

    switch (count)
    {
        case -1: perror("pstat_getproc()");
                 break;
        case 0 : fprintf(stderr,"No such pid: %d\n",(int) pid);
                 break;
        default: /* Now that you have the uid values, you could use
                 ** a call to getpwuid to get the password structure
                 ** so that you could print out the user name here,
                 ** but I am not going into that in this example.
                 */
                 fprintf(stdout,"EUID = %ld RUID = %ld EGID = %ld\n",
                         pst.pst_euid, pst.pst_uid, pst.pst_egid);
                 break;
    }
    return(0);
}

Let's compile!

    /usr/local/bin/gcc pstat.c -o pstat

Now we have a pstat binary. We can use this program to satisfy ourselves that ZWS is running with the correct permissions:

    bash# ./pstat 17609
    EUID = 0 RUID = 0 EGID = 0

This is the parent process running as root.

    bash# ./pstat 17612
    EUID = 1177 RUID = 0 EGID = 1596
    bash# ./pstat 17613
    EUID = 1177 RUID = 0 EGID = 1596

These are the zeus.web child processes running with an EGID of 1596.

[1]: Original Author L. Spells 17/3/98.
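
To check every child in one pass instead of one PID at a time, the wrapper below (an added example, not part of the original article or of ZWS) feeds each zeus.web PID from ps -ef to the ./pstat binary built above and compares the result with the IDs you expect from global.cfg. It assumes the parent is the zeus.web process whose PPID is 1, as in the listing above; the names PSTAT, verdict and audit_zws are hypothetical.

```sh
#!/bin/sh
# Added example: audit zeus.web children with the ./pstat binary built above.
# PSTAT, verdict and audit_zws are hypothetical names used for illustration.
PSTAT=${PSTAT:-./pstat}   # must print "EUID = n RUID = n EGID = n"

# verdict WANT_UID WANT_GID PSTAT_LINE
# Prints ok, still-root, mismatch or unparsable.
verdict() {
    want_uid=$1; want_gid=$2
    set -- $3                       # split the pstat line into nine words
    if [ $# -ne 9 ] || [ "$1" != EUID ] || [ "$7" != EGID ]; then
        echo unparsable; return 0   # empty output, e.g. the pid has gone
    fi
    euid=$3; egid=$9
    if [ "$euid" = 0 ] || [ "$egid" = 0 ]; then
        echo still-root             # effective IDs were never lowered
    elif [ "$euid" = "$want_uid" ] && [ "$egid" = "$want_gid" ]; then
        echo ok
    else
        echo mismatch               # lowered, but not to the expected IDs
    fi
}

# audit_zws WANT_UID WANT_GID   (reads `ps -ef` output on stdin)
# Prints "PID verdict" per child and returns 1 unless every child is ok.
# Assumes the parent is the zeus.web process with PPID 1, as in the listing;
# the grep line is skipped because its last field has no leading path.
audit_zws() {
    rc=0
    for pid in $(awk '$NF ~ /\/zeus\.web$/ && $3 != 1 { print $2 }'); do
        v=$(verdict "$1" "$2" "$("$PSTAT" "$pid" 2>/dev/null)")
        echo "$pid $v"
        [ "$v" = ok ] || rc=1
    done
    return $rc
}

# On the host, with the IDs from the pstat output above:
#   ps -ef | audit_zws 1177 1596
```

A non-zero return from audit_zws means at least one child still has an effective UID or GID of 0, or has IDs other than the ones passed in.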
Content Manager
[Administrator] 05 June 2006


